WebProNews

Tag: data breach

  • Acer Suffers Data Breach, 160GB of Data For Sale Online

    Acer Suffers Data Breach, 160GB of Data For Sale Online

    Acer has confirmed a data breach, one that has resulted in 160GB of data being posted for sale online.

    According to BleepingComputer, bad actors compromised “a server hosting private documents used by repair technicians.” The data, some 160GB worth, was allegedly stolen in mid-February and has since been posted for sale on a popular hacking forum.

    Acer confirmed the breach in a statement to BleepingComputer:

    “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians.

    “While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.” – Acer.

    Hopefully, Acer’s initial evaluation will prove true. Unfortunately, not only have major data breaches been on the rise, but it’s becoming far more common for initial investigations to reveal only half the story, with subsequent investigations revealing the scope of the breaches being far more than originally thought.

    For now, anyway, customers appear to have dodged the bullet. We will continue to monitor and update as more details become available.

  • Verizon Reportedly Suffered a Breach Exposing 7.5M+ Customer Records

    Verizon Reportedly Suffered a Breach Exposing 7.5M+ Customer Records

    Verizon is the largest US carrier, but it appears to have joined T-Mobile in the ranks of those recently suffering a data breach.

    According to the SafetyDetectives cybersecurity team, a database containing 7.5 to 9 million Verizon customer records has been been uploaded to an online forum. The records include data for both cellular and home internet customers.

    According to SafetyDetectives, the data does not appear to be particularly sensitive, although it is recent, with the forum post claiming the data was “stolen by hackers” in January 2023.

    Our researcher believes that the leaked database contains data stored by Verizon prior to January 2022. SafetyDetectives has reached this conclusion concerning the timeframe due to clues hidden in the filenames contained in the records. However, we cannot be conclusive with these indicators alone.

    Overall, the breach does not appear to be cause for much direct concern, although the data could be cross-referenced with other breaches to build a more complete profile of impacted users.

    While the information contained in the records does not appear to be highly sensitive or to contain Personal Identifiable Information (PII) – such as full names or physical addresses – some of the data points could be merged with other leaks. For example, if combined with an existing PII leak, an attacker could have a higher chance of success in impersonating a customer.

  • GoDaddy Suffered Multi-Year Breach, Malware Installed On Servers

    GoDaddy Suffered Multi-Year Breach, Malware Installed On Servers

    GoDaddy has informed customers it suffered a multi-year breach, one that involved hackers installing malware on its servers.

    GoDaddy said it started receiving complaints from customers in December 2022. Some customers reported their websites intermittently redirecting to other domains. The company investigated, but the issue was difficult to prove since it appeared to be happening randomly across its customer base.

    Ultimately, the company realized it had been hacked and malware was responsible for the unusual behavior:

    As our investigation continued, we discovered that an unauthorized third party had gained access to servers in our cPanel shared hosting environment and installed malware causing the intermittent redirection of customer websites. Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.

    In the company’s 10-K filing, it acknowledged the breach was the result of a multi-year campaign against the it:

    Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.

    GoDaddy says it is applying the lessons it has learned from this breach in an effort to improve security. The company also says “these incidents as well as other cyber threats and attacks have not resulted in any material adverse impact to our business.”

    Despite its assurances, it’s a safe bet many customers will likely start migrating away from GoDaddy to more secure hosting services, something that will likely have a major impact on its business.

  • Google Fi Impacted by Latest T-Mobile Breach

    Google Fi Impacted by Latest T-Mobile Breach

    T-Mobile’s latest data breach may have cast a wider net than previous ones, with Google Fi customers among those impacted.

    T-Mobile alerted customers in mid-January that it had been hit by a data breach, one that impacted some 37 million customers. However, it appears T-Mobile’s customers weren’t the only ones affected.

    Google Fi has sent a notice to its customers indicating their data may also have been included in the T-Mobile breach. Below is the email customers received, via 9to5Google:

    Dear Google Fi customer,

    We’re writing to let you know that the primary network provider for Google Fi recently informed us there has been suspicious activity relating to a third party system that contains a limited amount of Google Fi customer data.

    There is no action required by you at this time.

    This system is used for Google Fi customer support purposes and contains limited data including when your account was activated, data about your mobile service plan, SIM card serial number, and active or inactive account status.

    It does not contain your name, date of birth, email address, payment card information, social security number or tax IDs, driver’s license or other form of government ID, or financial account information, passwords or PINs that you may use for Google Fi, or the contents of any SMS messages or calls.

    Our incident response team undertook an investigation and determined that unauthorized access occurred and have worked with our primary network provider to identify and implement measures to secure the data on that third party system and notify everyone potentially impacted. There was no access to Google’s systems or any systems overseen by Google.

    If you are an active Fi user, please note that your Google Fi service continues to work as usual and was not interrupted by this issue.

  • JD Sports Notifies Customers of a Data Breach

    JD Sports Notifies Customers of a Data Breach

    JD Sports has notified customers of a data breach, although it says “the affected data is limited.”

    JD Sports published a notice on January 30 that it had suffered a “cyber incident” in which a hacker gained unauthorized access to customer data involving online orders that were placed between November 2018 and October 2020. Despite the amount of data accessed, the company says the data does not include full payment information, nor does it have any reason to believe account passwords were breached.

    Despite the reassurance, the company says the compromised data does include “the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of approximately 10 million unique customers.”

    “We want to apologise to those customers who may have been affected by this incident,” said Neil Greenhalgh, JD Sports CFO. “We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these. We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD.”

  • Hackers Stole LastPass Encryption Key

    Hackers Stole LastPass Encryption Key

    The news from LastPass keeps getting worse, with parent company GoTo admitting an encryption key was stolen in its latest breach.

    LastPass suffered a data breach in August and has been slowly releasing more details regarding the severity of the breach. What began as theft of source code graduated to theft of user password vaults. Even then, the company reassured users that their passwords were secure, since the vaults were still protected by encryption.

    Unfortunately, the company has revised its information — yet again — and acknowledged that an encryption key for at least some downloaded data was also stolen. The breach also impacts other GoTo products.

    “We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups,” writes GoTo CEO Paddy Srinivasan. “The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information. In addition, while Rescue and GoToMyPC encrypted databases were not exfiltrated, MFA settings of a small subset of their customers were impacted.”

    Needless to say, LastPass users should immediately change all of their passwords and closely monitor their accounts and services for unauthorized access.

    It is extremely disturbing that the LastPass breach continues to get worse. Despite the situation, the company has still not disclosed important information regarding the incident, such as exactly how many customers have been impacted.

    Given how LastPass has handled this breach, it is increasingly hard to justify using the service or trusting that it can protect its customers.

  • T-Mobile Hit By Yet Another Data Breach, 37 Million Customers Impacted

    T-Mobile Hit By Yet Another Data Breach, 37 Million Customers Impacted

    T-Mobile has once again been hit by a massive data breach, this time impacting some 37 million customers’ data.

    T-Mobile has written a blog post outlining the details of its latest breach:

    We are currently in the process of informing impacted customers that after a thorough investigation we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.

    The company says it shut down the breach within 24 hours of discovering it, and that customers’ most sensitive information was protected.

    No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.

    While the scope of this data breach may have been fairly limited, it’s still disconcerting that the company has experienced two such breaches in as many years, with the last one costing the company $350 million to settle.

    Hopefully T-Mobile will be able to shore up its security and prevent further incidents.

  • Mailchimp Suffers Second Breach In Six Months

    Mailchimp Suffers Second Breach In Six Months

    Mailchimp has suffered yet another security incident that has exposed user data, the second such incident in six months.

    Mailchimp suffered a breach in April 2022, one that exposed the data of more than 100 customers. The company has now revealed in a blog post that it has suffered another breach:

    On January 11, the Mailchimp Security team identified an unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.

    Once again, the breach compromised the data of more than 100 customers:

    Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts. There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts.

    It’s unclear why Mailchimp keeps having these breaches, but it certainly doesn’t instill much confidence in the company or its owner, Intuit.

  • LastPass: Hackers Stole Encrypted User Password Vaults

    LastPass: Hackers Stole Encrypted User Password Vaults

    LastPass has issued a security advisory, notifying customers that the data breach it suffered in August was far worse than thought.

    LastPass is a popular password management application. In August, the company informed customers that it had suffered a data breach, one in which “portions of source code and some proprietary LastPass technical information” was stolen. At the time, the company assured customers that no passwords were stolen or compromised.

    The company has provided an update on the situation, informing customers that the data stolen in August was used to compromise an employee’s credentials and gain access to the company’s cloud-based storage service. As a result of this secondary breach, the hacker was able to download a backup copy of customer data vaults.

    The company described the issue in its advisory:

    To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.

    The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.

    Despite the severity of the breach, LastPass says customer passwords are still secure…at least for now. The company says encrypted fields are protected using 256-bit AES encryption, with the encryption key based on the user’s master password. Between the strong encryption and the fact that LastPass does not have access to a user’s password, theoretically, users’ password vaults should still be secure.

    Despite the assurance, LastPass says all users should immediately change their master passwords to prevent any risk of the hackers using brute force attacks to try to access the vaults or use some of the unencrypted data in phishing and scam attempts.

    The threat actor may attempt to use brute force to guess your master password and decrypt the copies of vault data they took. Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices. We routinely test the latest password cracking technologies against our algorithms to keep pace with and improve upon our cryptographic controls.

    The threat actor may also target customers with phishing attacks, credential stuffing, or other brute force attacks against online accounts associated with your LastPass vault. In order to protect yourself against social engineering or phishing attacks, it is important to know that LastPass will never call, email, or text you and ask you to click on a link to verify your personal information. Other than when signing into your vault from a LastPass client, LastPass will never ask you for your master password.

    LastPass’ revelation is a disturbing one, given the popularity of the application and the important role it plays in the cybersecurity of countless individuals. One can only hope the company will take drastic steps to ensure such a breach doesn’t happen again.

  • Toyota Leaves Access Key on GitHub Exposing Customer Data

    Toyota Leaves Access Key on GitHub Exposing Customer Data

    Toyota is the latest company to experience a major security breach, leaving an important access key on GitHub for five years.

    According to BleepingComputer, source code for Toyota’s T-Connect software was left online for roughly five years. T-Connect allows users to connect their smartphone with their cars. The feature integrates phone calls, navigation, notifications, music, and vehicles status information.

    Unfortunately, the source code also contained an access key to the server storing customer data, including both email addresses and management numbers. Fortunately, Toyota says customer names, phone numbers, and credit card information were not stored in the same database and remain secure.

    The company also claims there is no evidence anyone accessed the data that was stored in the compromised server, but cannot be sure.

    “As a result of an investigation by security experts, although we cannot confirm access by a third party based on the access history of the data server where the customer’s email address and customer management number are stored, at the same time, we cannot completely deny it,” explains the company, machine translated by BleepingComputer.

  • Uber Says No ‘Sensitive User Data’ Accessed in Breach

    Uber Says No ‘Sensitive User Data’ Accessed in Breach

    In the wake of reports its systems were breached, Uber is reassuring users no “sensitive user data” was accessed.

    Uber acknowledged Thursday it was investigating reports of a data breach after a hacker posted a message on the company’s Slack channel saying they had hacked the company. Screenshots of the breach were shared on Twitter:

    The company now says no “sensitive user data” was accessed and that its systems are coming back online:

    While our investigation and response efforts are ongoing, here is a further update on yesterday’s incident:

    – We have no evidence that the incident involved access to sensitive user data (like trip history).

    – All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational.

    – As we shared yesterday, we have notified law enforcement.

    – Internal software tools that we took down as a precaution yesterday are coming back online this morning.

  • LastPass Source Code Stolen in Data Breach

    LastPass Source Code Stolen in Data Breach

    Popular password manager LastPass has revealed that portions of its source code were stolen by hackers in a recent data breach.

    LastPass revealed the news in a blog post, emphasizing that no customer data was stolen and no password vaults were compromised. Instead, the hackers seem to have largely focused on gaining access to the company’s source code.

    We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.

    The company emphasizes that customers do not need to take any additional action at this time.

    At this time, we don’t recommend any action on behalf of our users or administrators. As always, we recommend that you follow our best practices around setup and configuration of LastPass which can be found here.

  • T-Mobile Agrees to $350 Million Settlement Data Breach

    T-Mobile Agrees to $350 Million Settlement Data Breach

    T-Mobile has agreed to a $350 million settlement over a data breach in 2021 that impacted some 76 million US individuals.

    A hacker claimed to have breached T-Mobile’s servers in 2021 and tried to sell a subset of the data. T-Mobile acknowledged the breach, saying the compromised data included “customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.”

    According to CNN, the company has agreed to pay a $350 million settlement to address several class-action suits, as well as spend an additional $150 million to improve cybersecurity through 2023.

    “Customers are first in everything we do and protecting their information is a top priority,” the company said in a statement. “Like every company, we are not immune to these criminal attacks. Our efforts to guard against them continue and over the past year we have doubled down on our extensive cybersecurity program to enhance existing programs.”

  • Lapsus$ Strikes Again: Hackers Steal Samsung Galaxy Code

    Lapsus$ Strikes Again: Hackers Steal Samsung Galaxy Code

    Hacker group Lapsus$ is in the news again, this time for stealing 190GB of Samsung data and Galaxy code.

    BleepingComputer reported last week that Lapsus$, the same group that stole Nvidia GPU source code, had stolen a treasure trove of Samsung data. The data included “source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control).” The code also included biometric unlock algorithms, bootloader source code, Samsung activation server code, confidential Qualcomm source code, as well as code for authenticating Samsung accounts.

    Samsung has now confirmed the breach, and the theft of the Galaxy source code, in a statement to *Bloomberg.*

    “There was a security breach relating to certain internal company data,” Samsung said. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

    It has not been a good few days for Samsung, with the company accused of throttling games and other apps on a wide array of its devices, including its most recent flagship S22. The company has promised to release a fix, but it’s not clear what long-term repercussions there may be.

    One thing is certain: A breach of this magnitude is only going to add to Samsung’s woes.

  • FCC Wants Stricter Data Breach Reporting Requirements

    FCC Wants Stricter Data Breach Reporting Requirements

    FCC Chairwoman Jessica Rosenworcel has proposed new requirements that would strengthen data breach reporting rules.

    Data breaches have become a near-daily occurrence, with customers’ data being stolen, bought, and sold on the dark web. While there are requirements in place for how companies should address data breaches, Rosenworcel wants to see those requirements strengthened in a way that protects consumers even more.

    “Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information. But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers,” said Chairwoman Rosenworcel. “Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information. I look forward to having my colleagues join me in taking a fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”

    In particular, the new proposal would eliminate the seven day mandatory waiting period before companies can notify customers of a breach, require notification of inadvertent breaches, and require carriers to notify the FCC, the FBI, and the US Secret Service of all reportable breaches.

  • Cox Suffered Data Breach by Hacker Impersonating Support Staff

    Cox Suffered Data Breach by Hacker Impersonating Support Staff

    Cox Communications has notified customers of a data breach, a breach it suffered at the hands of a hacker posing as a support agent.

    Social engineering remains of the most successful attack vectors for hackers to exploit. Regardless of how hardened an organization’s security, the human element is often the weakest. 

    It appears Cox has learned this the hard way, with a hacker successfully posing as a support agent to gain access to customer information, including highly sensitive information, according to BleepingComputer.

    “On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts. We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident,” reads the notification, which was signed by Amber Hall, Chief Compliance and Privacy Officer, and obtained by BleepingComputer.

    “After further investigation, we discover that the unknown person(s) may have viewed certain types of information that are maintained in your Cox customer account, including your name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that you receive from Cox.”

    Cox doesn’t specifically say financial information was accessed, but the company is advising impacted customers to monitor their financial accounts, and is even offering them one year of free Experian IdentityWorks credit monitoring.

    The company has also not disclosed the number of users impacted, but said the breach “impacted a small number of customer accounts.” Cox is working with law enforcement to assist in their investigation.

  • T-Mobile CEO Mike Sievert Apologizes for Hack

    T-Mobile CEO Mike Sievert Apologizes for Hack

    T-Mobile CEO Mike Sievert has issued a statement apologizing for the recent hack that compromised tens of millions of user accounts.

    T-Mobile’s systems were compromised in mid-August, with a treasure-trove of personal data stolen and put online for sale. Depending on the accounts in question, the compromised information contained some combination of names, addresses, date of birth, phone numbers, IMEIs, IMSIs, SSNs and driver’s license/ID information.

    CEO Mike Sievert has issued an apology to customers, calling the entire ordeal a “humbling” experience.

    Attacks like this are on the rise and bad actors work day-in and day-out to find new avenues to attack our systems and exploit them. We spend lots of time and effort to try to stay a step ahead of them, but we didn’t live up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts of this event. On behalf of everyone at Team Magenta, I want to say we are truly sorry.

  • Data of 70 Million AT&T Customers for Sale Online

    Data of 70 Million AT&T Customers for Sale Online

    It’s been a bad week for wireless companies and their subscribers, with data for 70 million AT&T customers reportedly for sale online.

    Just days ago T-Mobile acknowledged a data breach impacting tens of millions of users, the complete scope of which may still not be fully clear. According to Restore Privacy, a hacker is claiming to have the data of 70 million AT&T subscribers and is looking to sell it online.

    In a statement to Restore Privacy, AT&T is denying the data came from its systems.

    Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.

    The hacker maintains the data is, in fact, from AT&T. The hacker, known as ShinyHunters, is also a well known entity in the hacking community, with a long list of successful hacks against other companies, lending credence to the claims.

    In the meantime, Restore Privacy got a look at a sample of the data and, while they could not confirm it came from AT&T’s systems, the data included a distributing amount of sensitive information. The data included names, social security numbers, phone numbers, addresses, email addresses and dates of birth.

  • Over 40 Million Customers Impacted by T-Mobile Data Breach

    Over 40 Million Customers Impacted by T-Mobile Data Breach

    T-Mobile has provided additional details from its investigation of its recent data breach, sharing that over 40 million people’s records were stolen.

    Earlier this week, news broke that a hacker was trying to sell T-Mobile customer data online, data they claimed to have gotten via compromised T-Mobile servers. The hacker claimed the data contained names, addresses, social security numbers (SSN), driver license information, phone numbers and unique IMEI numbers.

    After confirming a breach occurred, T-Mobile’s investigation has now shed light on the details. The company has confirmed that information for 7.8 million postpaid accounts was included in the stolen data, as well as over 40 million former and customers who had applied for credit. It’s unclear how much overlap there may be between the two groups.

    The company says “some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.”

    However, “no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”

    The company is taking steps to help protect those impacted, including providing two years of free identity protection via McAfee’s ID Theft Protection Service. The company also recommends all postpaid customer change their account PIN, and the company is offering Account Takeover Protection to make it harder for an imposter to hijack an account.

    We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack. While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.

  • Pearson Agrees to $1 Million Settle With SEC Over Data Breach

    Pearson Agrees to $1 Million Settle With SEC Over Data Breach

    London-based Pearson, a company specializing in educational publishing, has agreed to a $1 million settlement with the SEC over a data breach.

    Pearson suffered a data breach in 2018 that resulted in the theft of millions of student records. Unfortunately, the company misled investors, and continued to do so well into 2019, referring “to a data privacy incident as a hypothetical risk, when, in fact, the 2018 cyber intrusion had already occurred.”

    Pearson’s statements continued to gloss over what really happened as late as July 2019. In addition, the company claimed to have “strict protections,” even though the security vulnerability remained unpatched six months after Pearson became aware of it.

    The company has agreed to settle with the SEC for $1 million as a result of the violations.

    “As the order finds, Pearson opted not to disclose this breach to investors until it was contacted by the media, and even then Pearson understated the nature and scope of the incident, and overstated the company’s data protections,” said Kristina Littman, Chief of the SEC Enforcement Division’s Cyber Unit. “As public companies face the growing threat of cyber intrusions, they must provide accurate information to investors about material cyber incidents.”

  • T-Mobile Confirms Data Breach

    T-Mobile Confirms Data Breach

    T-Mobile has confirmed it has suffered a data breach following reports that information for 100 million customers is for sale online.

    News broke yesterday that a hacker was trying to sell T-Mobile customer information. The hacker claimed to have gained access to T-Mobile servers, copying and backing up the data before he was locked out.

    T-Mobile issued a statement saying they were investigating the claims, but the company has now confirmed the breach occurred.

    We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.

    We’ll provide updates as T-Mobile does.